Page History
...
When restoring the default configuration, the script will also update StudioService.exe.config to set the correct authority url for the newly created realm and the new client secret for the studio-server client.
User Federation: NTLM/LDAP
| Note |
|---|
You may need to consult your administrator in order to fill in the following fields. |
It is possible to link Keycloak to an Active Directory using User Federation. This will allow users to sign in using their AD credentials. To set this up:
- Select User Federation from the navigation panel. From the Add provider drop-down, select
ldap.
- Select which vendor is used:
- Enter the connection url, including the
ldap://prefix. The following command line command may assist in determining the correct url:nslookup -type=all _ldap._tcp.
- Select which credentials Keycloak will use to query the AD, for example as
CN=Keycloak,CN=Services,DC=company,DC=com.
- Test authentication to ensure the configuration works.
- As Edit Mode, choose READ_ONLY
- Select where in the LDAP tree Keycloak can find the Studio users that should be able to log in, for example
CN=MyStudioUsers,DC=company,DC=com.
- Save your changes
- Sync all users in the top right corner:
User Federation: Kerberos
It is possible to link Keycloak to an Active Directory with the Kerberos protocol using User Federation. This will allow users to sign in using their AD credentials. To set this up:
- Select User Federation from the navigation panel and then select "Add Kerberos providers".
- Choose a UI display name
- Enter the Kerberos Realm
- Enter the principal for the server
- Enter the location of the keytab file containing credentials of the given principal
- Set Allow Password Authentication to On:
- Set Edit Mode to READ_ONLY
- In order to test it, a AD user can try to sign in to the Account console for the Studio realm at
http://<domain:port>/Keycloak/realms/<realm>/account
Overview
Content Tools